Allow supplementary groups to be added via config file

Allow supplementary groups to be set via the /etc/default/useradd config
file. This allows an administrator to set additional groups via the GROUPS
configurable and so control the default behaviour of useradd.
Andy Zaugg 2022-10-18 16:30:14 -07:00 committed by Serge Hallyn
parent e0524e813a
commit e8d2bc8d8b
7 changed files with 185 additions and 1 deletions


@ -263,7 +263,9 @@
intervening whitespace. The groups are subject to the same
restrictions as the group given with the <option>-g</option>
option. The default is for the user to belong only to the
initial group.
initial group. In addition to passing in the -G flag, you can
add the option <option>GROUPS</option> to the file <filename>/etc/default/useradd</filename>
which in turn will add all users to those supplementary groups.
</para>
</listitem>
</varlistentry>


@ -80,6 +80,7 @@ const char *Prog;
* These defaults are used if there is no defaults file.
*/
static gid_t def_group = 1000;
static const char *def_groups = "";
static const char *def_gname = "other";
static const char *def_home = "/home";
static const char *def_shell = "/bin/bash";
@ -183,6 +184,7 @@ static bool home_added = false;
#endif /* ENABLE_SUBIDS */
#define DGROUP "GROUP="
#define DGROUPS "GROUPS="
#define DHOME "HOME="
#define DSHELL "SHELL="
#define DINACT "INACTIVE="
@ -399,6 +401,17 @@ static void get_defaults (void)
}
}
if (MATCH (buf, DGROUPS)) {
if (get_groups (cp) != 0) {
fprintf (stderr,
_("%s: the '%s' configuraton in %s has an invalid group, ignoring the bad group\n"),
Prog, DGROUPS, default_file);
}
if (user_groups[0] != NULL) {
do_grp_update = true;
def_groups = xstrdup (cp);
}
}
/*
* Default HOME filesystem
*/
@ -497,6 +510,7 @@ static void get_defaults (void)
static void show_defaults (void)
{
printf ("GROUP=%u\n", (unsigned int) def_group);
printf ("GROUPS=%s\n", def_groups);
printf ("HOME=%s\n", def_home);
printf ("INACTIVE=%ld\n", def_inactive);
printf ("EXPIRE=%s\n", def_expire);
@ -525,6 +539,7 @@ static int set_defaults (void)
int ofd;
int wlen;
bool out_group = false;
bool out_groups = false;
bool out_home = false;
bool out_inactive = false;
bool out_expire = false;
@ -628,6 +643,9 @@ static int set_defaults (void)
if (!out_group && MATCH (buf, DGROUP)) {
fprintf (ofp, DGROUP "%u\n", (unsigned int) def_group);
out_group = true;
} else if (!out_groups && MATCH (buf, DGROUPS)) {
fprintf (ofp, DGROUPS "%s\n", def_groups);
out_groups = true;
} else if (!out_home && MATCH (buf, DHOME)) {
fprintf (ofp, DHOME "%s\n", def_home);
out_home = true;
@ -668,6 +686,8 @@ static int set_defaults (void)
*/
if (!out_group)
fprintf (ofp, DGROUP "%u\n", (unsigned int) def_group);
if (!out_groups)
fprintf (ofp, DGROUPS "%s\n", def_groups);
if (!out_home)
fprintf (ofp, DHOME "%s\n", def_home);
if (!out_inactive)
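Review bot: In the GROUPS branch of get_defaults, a non-zero return from get_groups only prints a warning (whose text also misspells "configuration"), yet the raw value is still stored by `def_groups = xstrdup (cp);` whenever `user_groups[0] != NULL`, so an invalid name stays in def_groups, is printed by show_defaults and is written back by set_defaults. The warning promises that the bad group is ignored, but that depends on how get_groups leaves user_groups after a failure; get_groups is outside these hunks, so this needs confirming. Because the setting grants group membership to every account created afterwards, I would document it at the branch, for example `/* GROUPS=: supplementary groups given to every new user; an invalid entry is reported, not fatal */`, and consider leaving def_groups unchanged when get_groups fails. get_defaults and set_defaults both continue outside the visible hunks.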


@ -0,0 +1,8 @@
# no testsuite password
# root password: rootF00barbaz
# myuser password: myuserF00barbaz
user foo, in group bin
user foo, in group adm
user foo, in group man
user foo, in group cdrom


@ -0,0 +1,40 @@
# Default values for useradd(8)
#
# The SHELL variable specifies the default login shell on your
# system.
# Similar to DHSELL in adduser. However, we use "sh" here because
# useradd is a low level utility and should be as general
# as possible
SHELL=/bin/foobar
#
# The default group for users
# 100=users on Debian systems
# Same as USERS_GID in adduser
# This argument is used when the -n flag is specified.
# The default behavior (when -n and -g are not specified) is to create a
# primary user group with the same name as the user being added to the
# system.
GROUP=10
#
# Addional supplementary groups for users
GROUPS=bin,adm,man,cdrom
#
# The default home directory. Same as DHOME for adduser
#
HOME=/tmp
#
# The number of days after a password expires until the account
# is permanently disabled
INACTIVE=12
#
# The default expire date
EXPIRE=2007-12-02
#
# The SKEL variable specifies the directory containing "skeletal" user
# files; in other words, files such as a sample .profile that will be
# copied to the new user's home directory when it is created.
# SKEL=/etc/skel
#
# Defines whether the mail spool should be created while
# creating the account
# CREATE_MAIL_SPOOL=yes


@ -0,0 +1,41 @@
root:x:0:
daemon:x:1:
bin:x:2:
sys:x:3:
adm:x:4:
tty:x:5:
disk:x:6:
lp:x:7:
mail:x:8:
news:x:9:
uucp:x:10:
man:x:12:
proxy:x:13:
kmem:x:15:
dialout:x:20:
fax:x:21:
voice:x:22:
cdrom:x:24:
floppy:x:25:
tape:x:26:
sudo:x:27:
audio:x:29:
dip:x:30:
www-data:x:33:
backup:x:34:
operator:x:37:
list:x:38:
irc:x:39:
src:x:40:
gnats:x:41:
shadow:x:42:
utmp:x:43:
video:x:44:
sasl:x:45:
plugdev:x:46:
staff:x:50:
games:x:60:
users:x:100:
nogroup:x:65534:
crontab:x:101:
Debian-exim:x:102:


@ -0,0 +1,42 @@
root:x:0:
daemon:x:1:
bin:x:2:foo
sys:x:3:
adm:x:4:foo
tty:x:5:
disk:x:6:
lp:x:7:
mail:x:8:
news:x:9:
uucp:x:10:
man:x:12:foo
proxy:x:13:
kmem:x:15:
dialout:x:20:
fax:x:21:
voice:x:22:
cdrom:x:24:foo
floppy:x:25:
tape:x:26:
sudo:x:27:
audio:x:29:
dip:x:30:
www-data:x:33:
backup:x:34:
operator:x:37:
list:x:38:
irc:x:39:
src:x:40:
gnats:x:41:
shadow:x:42:
utmp:x:43:
video:x:44:
sasl:x:45:
plugdev:x:46:
staff:x:50:
games:x:60:
users:x:100:
nogroup:x:65534:
crontab:x:101:
Debian-exim:x:102:
foo:x:1000:


@ -0,0 +1,31 @@
#!/bin/sh
set -e
cd "$(dirname $0)"
. ../../../common/config.sh
. ../../../common/log.sh
log_start "$0" "useradd adds supplementary groups based on the GROUPS field in /etc/deault/useradd"
save_config
# restore the files on exit
trap 'log_status "$0" "FAILURE"; restore_config' 0
change_config
printf "Create user foo, with group associations with bin,adm,man,cdrom..."
useradd foo
printf "OK\n"
printf "Check the group file..."
../../../common/compare_file.pl data/group /etc/group
printf "OK\n"
log_status "$0" "SUCCESS"
restore_config
trap '' 0
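Review bot: The test only exercises a GROUPS value in which every group exists, so the new warning path in get_defaults for an invalid group never runs, and neither does the combination of GROUPS with `-G` on the command line. A second case with one unknown name in GROUPS would pin down whether the remaining groups are still applied and what ends up in /etc/group. The log_start description misspells the path as `/etc/deault/useradd`, and the `cd` line leaves `$0` unquoted; `cd "$(dirname "$0")"` is safer.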